Shodan
Vulnerabilities
Vulnerable Software
Omron:  Security Vulnerabilities
CVE-2018-19015
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.
CVSS Score
7.3
EPSS Score
0.002
Published
2019-01-28
CVE-2018-19019
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
7.3
EPSS Score
0.002
Published
2019-01-22
CVE-2018-19011
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-01-22
CVE-2018-19013
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.
CVSS Score
5.0
EPSS Score
0.001
Published
2019-01-22
CVE-2018-19017
Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-01-22
CVE-2018-18989
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-12-04
CVE-2018-18993
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.
CVSS Score
7.8
EPSS Score
0.006
Published
2018-12-04
CVE-2018-17905
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-05
CVE-2018-17907
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array.
CVSS Score
3.3
EPSS Score
0.001
Published
2018-11-05
CVE-2018-17909
When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved